A US senator wants some answers about "Pokémon Go." Specifically, what data it is harvesting from its players.

Senator Al Franken has written to Niantic, the company behind the wildly popular smartphone game, with a list of questions about how it is collecting and using user data.

"I am concerned," the Minnesota politician wrote, "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent ... I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players."

Sen. Franken's questions centre around whether the data being collected is all necessary for the game to operate, and whether it is being collected for any other purposes.

"Can you explain exactly which features and capabilities are necessary for Pokémon GO to access for the provision or improvement of services?" he asks about the permissions the game requests. "Are there any other purposes for which Pokémon GO has access to all of these features and capabilities?"

He also asks which third parties the data collected is being shared with, and questions how children (or their guardians) can give consent to this data collection: "Can you describe how Niantic ensures parents provide meaningful consent for their child's use of Pokémon GO and thus the collection of their child's personal information? Apart from publicly available privacy policies, how does Niantic inform parents about how their child's information is collected and used?"

Since its launch last week, "Pokémon Go" has become an extraordinary phenomenon. The game involves exploring the real world via "augmented reality" to collect Pokémon you can upgrade and battle. It has been downloaded millions of times — sending Nintendo's stock skyrocketing.

But there has also been a subsequent privacy backlash after people noticed that the app was requested "full access" to users' Google accounts. Niantic has subsequently said this was a mistake, that it did not access user account data, and worked with Google on a fix. (Sen. Franken also asks about this, asking for confirmation that the company "never collected or stored any information it gained access to as a result of this mistake.")